- name: Check authorisation on sshd
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^\s*AllowGroups(\s+)(.*)ansible(.*)?$'
    replace: 'test'
  check_mode: yes
  register: result
- name: Set authorisation on sshd add group
  lineinfile:
    path: /etc/ssh/sshd_config
    backrefs: true
    regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
    line: 'AllowGroups \1 ansible'
  when: result['changed'] == False